CVE-2008-4868
Published: 1 November 2008
Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."
Notes
Author | Note |
---|---|
mdeslaur | Code in ffmpeg in gutsy, hardy, intrepid and jaunty doesn't free, so not vulnerable. kino is built with --disable-local-ffmpeg, so it's not vulnerable |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Not vulnerable
(code not present)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(code not present)
|
|
karmic |
Not vulnerable
(code not present)
|
|
lucid |
Not vulnerable
(code not present)
|
|
maverick |
Not vulnerable
(code not present)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: Introduced by http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=03bbae75cfbdac8012251eceb5748430f34c83d9 break-fix: http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=03bbae75cfbdac8012251eceb5748430f34c83d9 - upstream: http://svn.ffmpeg.org/ffmpeg/trunk/libavcodec/utils.c?r1=14766&r2=14787 upstream: http://svn.ffmpeg.org/ffmpeg/trunk/libavcodec/utils.c?r1=14787&r2=14788 upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=e0c16d7619617d726f5fa4f586ff74a43f445a89 upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=be8ff464977e36d7784a2dd1a9cb1a6d32ef4574 |
||
ffmpeg-debian Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(code not present)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
gstreamer0.10-ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(code not present)
|
|
karmic |
Not vulnerable
(code not present)
|
|
lucid |
Not vulnerable
(code not present)
|
|
maverick |
Not vulnerable
(code not present)
|
|
natty |
Not vulnerable
(code not present)
|
|
oneiric |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
kino Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
gutsy |
Not vulnerable
(uses system ffmpeg)
|
|
hardy |
Not vulnerable
(uses system ffmpeg)
|
|
intrepid |
Not vulnerable
(uses system ffmpeg)
|
|
jaunty |
Not vulnerable
(uses system ffmpeg)
|
|
karmic |
Not vulnerable
(uses system ffmpeg)
|
|
lucid |
Not vulnerable
(uses system ffmpeg)
|
|
maverick |
Not vulnerable
(uses system ffmpeg)
|
|
natty |
Not vulnerable
(uses system ffmpeg)
|
|
oneiric |
Not vulnerable
(uses system ffmpeg)
|
|
upstream |
Needs triage
|
|
mplayer Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(uses system ffmpeg)
|
|
maverick |
Not vulnerable
(uses system ffmpeg)
|
|
natty |
Not vulnerable
(uses system ffmpeg)
|
|
oneiric |
Not vulnerable
(uses system ffmpeg)
|
|
upstream |
Needs triage
|
|
xmovie Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|